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Application Papers 
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Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 
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DETAILED ACTION 



Continued Examination Under 37 CFR 1.114 



1 . A request for continued examination under 37 CFR 1 . 1 1 4, including the fee set 
forth in 37 CFR 1 .1 7(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. 



2. Applicant's submission filed on January 20, 2006 has been entered and made of 
record. 



Double Patenting 



The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. A nonstatutory 
obviousness-type double patenting rejection is appropriate where the conflicting claims 
are not identical, but at least one examined application claim is not patentably distinct 
from the reference claim(s) because the examined application claim is either anticipated 
by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 
F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 
USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 
F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 
644 (CCPA 1969). 
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A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) 
may be used to overcome an actual or provisional rejection based on a nonstatutory 
double patenting ground provided the conflicting application or patent either is shown to 
be commonly owned with this application, or claims an invention made as a result of 
activities undertaken within the scope of a joint research agreement. 

Effective January 1, 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply 
with 37 CFR 3.73(b). 

3. Claims 1 - 68 provisionally rejected on the ground of nonstatutory obviousness- 
type double patenting as being unpatentable over amended Claims 1 - 57 of copending 
Application No. 10015501. Although the conflicting claims are not identical, they are not 
patentably distinct from each other because the instant case, all elements of claims 1 - 
68 correspond to the claims of 1 - 57 of the copending application amended claims, 
except in the instant claims, performing at least one security related operation on the 
SOAP message based on the at least one security rule when the determining 
determines that at least one security rule is associated with the SOAP message , is 
referred in the copending application as d etermining whether at least one rule is 
associated with the SOAP message: evaluating the at least one rule when the 
determining determines that at least one rule is associated with the SOAP message: 
and processing the SOAP message based on the result of the evaluating of the at least 
one rule . It would have been obvious to one having ordinary skill in the art to recognize 
that performing at least one security related operation on the SOAP message based on 
the at least one security rule, is equivalent to evaluating the at least one rule associated 
with the SOAP message and processing the SOAP message based on the result of the 
evaluating of the at least one rule . 
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This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 



Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claim 36 recites the limitation "the remedial" in line 1. There is insufficient 
antecedent basis for this limitation in the claim. 

Response to Arguments 

4. Applicant's arguments filed January 20, 2006 have been fully considered but they 
are not persuasive. 

Applicant's argument regarding the filing date of both prior art references being 
after the instant application is correct but both applications claim priority with provisional 
applications which are before the filing date of the instant application. See MPEP § 
201 .1 1 for the conditions for receiving the benefit of the filing date of the prior 
application 

Applicant argues that the provisional application 60/324,191 do not teach or 
suggest "a security rule defined for a SOAP messages based on a security policy" and 
"a security rule including a mapping between one or more security-keys that are 



Application/Control Number: 1 0/01 5,502 Page 5 

Art Unit: 2136 

respectively used by a client and a server program". These arguments are not found 
persuasive. 

60/324,191 discloses "The communication between client and service over the 
SOAP protocol, receiving a SOAP message from a client, the web services 
infrastructure is able to check authentication, authorization to determine if the method 
should be allowed to proceed to the service (determining whether at least one security 
rule is associated with a security policy for exchanging messages between a client 
program and a server program and a security rule that describes a mapping between 
one or more keys respectively used by a client and a server program"), see 60/324,191 
pages 6 line 5 - Page 10 line 6, and web services infrastructure is able to intercept and 
modify any SOAP messages between client and server, i.e., able to insert parameters 
(map)that the web service provides for all method calls in that service (mapping one or 
more security identifiers which are recognized by a client program to one or more 
security identifiers which are recognized by the server program), see 60/324,191 page 
10 lines 7 -22. 

Furthermore, 60/329,796 discloses defining multiple credentials and each 
credential tag identifying the type of contained data (the specification defines tags to 
use for encoding x.509 certificates and Kerberos tickets) as well as encrypting data 
("mapping one or more encryption keys, decryption keys, signing keys, or keys used to 
verify one or more signatures between a client program and a server program" see 
60/329,796 pages 25 - 33. 
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Therefore, the examiner respectfully asserts that the cited prior arts have support 
and teach or suggest the subject matter "a security rule defined for a SOAP messages 
based on a security policy" and "a security rule including a mapping between one or 
more security-keys that are respectively used by a client and a server program" broadly 
recited in the claims. Accordingly, the rejection for the pending claims 1 - 68 is 
respectfully maintained. 



Claim Rejections - 35 USC § 102 

The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

5. Claims 1 - 3, 5, 15, 23 - 68 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Atwal et al. (U.S. Publication Number 2003/0061404). 

Regarding Claims 1 and 23, Atwal teaches and describes 

receiving a SOAP message (Page 4 paragraph [0052]; 

determining whether at least one security rule has been defined for the SOAP 
message, the at least one security rule being defined based on a security policy for 
exchanging SOAP messages between at least one client program and at least one 
server program, and performing at least one security related operation on the SOAP 
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message based on the at least one security rule when the determining determines that 
at least one security rule is associated with the SOAP message (Page 4 paragraph 
[0052 - 0055]). 

Regarding Claims 27, 38, 56 and 65, Atwal teaches and describes 

receiving a SOAP message, determining whether at least one rule is associated 
with the SOAP message (Page 4 paragraph [0052]); 

collecting data that may be required to evaluate the at least one rule (Page 4 
paragraph [0052 and 0055]); 

evaluating the at least one rule at least partially based on the collected data, and 
determining whether the SOAP message constitutes a service attack based on the 
evaluating of the at least one rule (Page 5 paragraph [0055] and Page 8 paragraph 
[0095 - 0096]). 

Regarding Claims 33 and 66, Atwal teaches and describes 

receiving a SOAP message, determining at least one of: (a) a message type for 
the SOAP message, (b) a sender for the SOAP message, and (c) a recipient for the 
SOAP message (Page 4 paragraph [0052]), 

determining whether at least one rule is associated with at least one of the 
message type (a) , the sender (b), and the recipient (c) (Page 4 paragraph [0052]), 

selecting at least one portion of the data which has been collected for at least 
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one of the message type (a) , the sender (b), and the recipient (c) (Page 4 paragraph 
[0052]); 

evaluating the at least one rule using the selected at least one portion of data 
(Page 4 paragraph [0052 and 0055]); and 

determining whether the SOAP message constitutes a service attack based on 
the evaluating of the at least one rule (Page 5 paragraph [0055] and Page 8 paragraph 
[0095 - 0096]). 

Regarding Claims 39 and 52, Atwal teaches and describes 

identifying a SOAP interface for which publication or access is requested (Page 
10 paragraph [0109]), 

determining whether one or more rules are associated with the SOAP interface, 
the one or more rules describing one or more policies with respect to publication of or 
access to the SOAP interface (Page 10 paragraph [01 11]), 

evaluating the SOAP interface, and determining whether publication of or access 
to the SOAP interface should be granted based on the evaluating of the SOAP interface 
(Page 1 0 paragraph [01 1 1 ]). 

Regarding Claim 53 , Atwal teaches and describes 
(a) identifying a SOAP interface and a WSDL file for the SOAP interface for 
which publication or access is requested, wherein the identifying can be performed by a 



Application/Control Number: 10/015,502 Page 9 

Art Unit: 2136 

first person by accessing a user interface of a SOAP traffic manager (Page 10 
paragraph [0109 and 0111]), 

(b) determining whether one or more rules already apply to the SOAP message, 
the one or more rules describing one or more policies with respect to publication of or 
access to the SOAP interface; wherein the determining (b) can be performed by the first 
person by accessing a user interface to a SOAP traffic manager (Page 10 paragraph 
[0111]), 

(c) requesting approval of one or more additional rules for the SOAP message 
wherein the requesting can be performed by the first person by accessing a user 
interface to a SOAP traffic manager (Page 10 paragraph [01 11]), 

(d) evaluating the SOAP interface or at least one rule associated with the SOAP 
interface, wherein the evaluating can be performed at least partly by a second person 
who can access the SOAP traffic manager, and wherein the at least one rule can be a 
pre-existing rule or an additional rule (Page 10 paragraph [01 12), and 

(e) determining whether the SOAP interface or at least one rule associated with 
the SOAP interface should be approved at least partly based on the evaluating, wherein 
the determining can be performed at least partly by a second person who can access 
the SOAP traffic manager (Page 10 paragraph [01 1 1 and 01 14]). 
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Claims 2 and 24 are rejected as applied about in rejecting Claims 1 and 23. 
Furthermore, Atwal teaches and describes wherein the at least one security rule 
describes a mapping between one or more security identifiers that are respectively used 
by the at least one client program and the at least one server program (Page 4 
paragraph [0050 and 0053]. 

Claims 3 and 25 are rejected as applied about in rejecting Claims 1 and 23. 
Furthermore, Atwal teaches and describes wherein the performing of at least one 
security operation includes mapping one or more security identifiers which are 
recognized by the at least one client program to one or more security identifiers which 
are recognized by the server program (Page 4 paragraph [0052] and Page 8 paragraph 
[0097]). 

Claim 5 is rejected as applied about in rejecting Claim 1. Furthermore, Atwal 
teaches and describes wherein the method further comprises: 

determining a message type for the SOAP message, and wherein the 
determining of whether at least one security rule is associated with the SOAP message 
comprises: looking up rules which are associated with the message type (Page 4 
paragraph [0053] and Page 5 paragraph [0057 and 0059]). 
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Claim 15 is rejected as applied about in rejecting Claim 1. Furthermore, Atwal 
teaches and describes wherein at least one portion of the SOAP message is in XML 
(Page 3 paragraph [0048]). 

Claims 22, 37, 51 and 64 are rejected as applied about in rejecting Claims 1, 27, 
39 and 56. Furthermore, Atwal teaches and describes a computer readable medium 
having computer program instructions stored therein for performing the method of claim 
1 (Page 2 paragraph [0017] and Page 14 paragraph [0155]). 

Claims 28 and 58 are rejected as applied about in rejecting Claims 27 and 56. 
Furthermore, Atwal teaches and describes wherein the determining of whether at least 
one rule is associated with the SOAP message comprises at least one of the acts of: 
(a) determining a message type for the SOAP message, (b) determining a sender node 
for the SOAP message, and (c) determining a recipient node for the SOAP message 
(Page 1 0 paragraph [01 1 0 and 01 1 1 ]). 

Claims 30 and 34 are rejected as applied about in rejecting Claim 27. 
Furthermore, Atwal teaches and describes wherein the method further comprises: 
denying service when the determining determines that the SOAP message constitutes a 
service attack (Page 7 paragraph [0084 and 0085] and Page 12 paragraph [0128]). 
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Claim 35 is rejected as applied about in rejecting Claim 33. Furthermore, Atwal 
teaches and describes taking remedial action when the determining determines that the 
SOAP message constitutes a service attack (Page 7 paragraph [0084 and 0085] and 
Page 12 paragraph [0128]). 

Claim 40 is rejected as applied about in rejecting Claim 39. Furthermore, Atwal 
teaches and describes wherein the method further comprises: identifying a WSDL file 
for the SOAP interface (Page 8 paragraph [0089 and 0091]). 

Claim 57 is rejected as applied about in rejecting Claim 56. Furthermore, Atwal 
teaches and describes herein the method further comprises: 

determining whether at least a portion of data of the SOAP message should 
be considered to evaluate the at east one rule when the determining determines that 
at east one rule is associated with the SOAP message (Page 8 paragraph [0089 and 
0091]). 

Claim 59 is rejected as applied about in rejecting Claim 56. Furthermore, Atwal 
teaches and describes wherein the at least one rule specifies at least a portion of the 
SOAP message which needs to be considered to evaluate the at least one rule (Page 8 
paragraph [0089 and 0091]). 
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Claims 61 and 67 are rejected as applied about in rejecting Claims 56 and 66. 
Furthermore, Atwal teaches and describes wherein the method further comprises: 
taking one or more actions when the determining of whether an action is required 
determines that action is required (Page 8 paragraph [0089 and 0091]). 

Claims 62 and 68 are rejected as applied about in rejecting Claims 56 and 66. 
Furthermore, Atwal teaches and describes wherein the method further comprises: 

taking one or more actions when the determining of whether an action 
is required determines that action is required, and wherein the one or more actions 
include holding the SOAP message, archiving the SOAP message, failing SOAP 
message delivery, sending a notification, and logging special notification (Page 8 
paragraph [0089 and 0091] and Page 10 paragraph [0107 and 0111]). 

Claim 45 is rejected as applied about in rejecting Claim 39. Furthermore, Atwal 
teaches and describes wherein the evaluating of the SOAP interface is done at least 
partly based on one or more rules associated with the SOAP interface (Page 6 
paragraph [0068 and 0069]). 

Claim 54 is rejected as applied about in rejecting Claim 39. Furthermore, Atwal 
teaches and describes wherein the first person is a programmer and the second person 
is an administrator (Page 7 paragraph [0085]). 
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Claim 55 is rejected as applied about in rejecting Claim 39, Furthermore, Atwal 
teaches and describes wherein the method further comprises: 

modifying the SOAP interface or one or more additional rules for the SOAP 
interface, wherein the modifying can be performed at least partly by a second person 
who can access the SOAP traffic manager (Page 7 paragraph [0085] and Page 13 
paragraph [0140]). 

Claim 29 is rejected as applied about in rejecting Claim 27. Furthermore, Atwal 
teaches and describes wherein the determining of data that may be required to evaluate 
the atleast one rule comprises: 

determining which portion of history of at least one of the message type, 
sender node, and recipient node should be collected (Page 10 paragraph [0109 and 
0111]). 

Claim 41 is rejected as applied about in rejecting Claim 40. Furthermore, Atwal 
teaches and describes wherein a programmer identifies the SOAP interface and the 
WSDL file (Page 7 paragraph [0082 and 01 1 1]). 

Claim 46 is rejected as applied about in rejecting Claim 45. Furthermore, Atwal 
teaches and describes wherein the evaluating of the SOAP interface is done at least 
partly by a person (Page 7 paragraph [0085]). 
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Claim 42 is rejected as applied about in rejecting Claim 41. Furthermore, Atwal 
teaches and describes wherein the programmer interacts with a user interface to 
identify the SOAP interface and the WSDL file (Page 7 paragraph [0082 and 01 11]). 

Claim 47 is rejected as applied about in rejecting Claim 46. Furthermore, Atwal 
teaches and describes wherein the person is an administrator (Page 7 paragraph 
[0085]). 

Claim 43 is rejected as applied about in rejecting Claim 42. Furthermore, Atwal 
teaches and describes wherein the programmer interacts with a user interface of a 
traffic manager to determine whether one or more existing rules are associated with the 
SOAP interface; and wherein the programmer interacts with a user interface of a traffic 
manager to request that one or more rules be approved for the SOAP interface (Page 7 
paragraph [0082 and 01 11]). 

Claim 44 is rejected as applied about in rejecting Claim 42. Furthermore, Atwal 
teaches and describes wherein the one or more rules associated with the SOAP 
interface can be rules associated with at least one of: a message type, a sender, or a 
recipient of SOAP messages that can be passed through the SOAP interface (Page 5 
paragraph [0062]). 
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Claim 48 is rejected as applied about in rejecting Claim 47. Furthermore, Atwal 
teaches and describes wherein the modifying the SOAP interface (Page 7 paragraph 
[0085] and Page 13 paragraph [0140]). 

Claim 49 is rejected as applied about in rejecting Claim 48. Furthermore, Atwal 
teaches and describes wherein the modifying is performed at least partly by a person 
(Page 7 paragraph [0085] and Page 13 paragraph [0140]). 

Claim 50 is rejected as applied about in rejecting Claim 49. Furthermore, Atwal 
teaches and describes wherein the person is an administrator (Page 7 paragraph 
[0085]). 

Claim 31 is rejected as applied about in rejecting Claim 30. Furthermore, Atwal 
teaches and describes wherein the method further comprises: 

taking remedial action when the determining determines that the SOAP 
message constitutes a service attack (Page 7 paragraph [0084 and 0085] and Page 12 
paragraph [0128]). 

Claim 32 is rejected as applied about in rejecting Claim 30. Furthermore, Atwal 
teaches and describes wherein the one or more remedial actions include notifying an 
administrator, holding the SOAP message, making a log entry, invoking a programming 
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object, and sending an additional SOAP message (Page 8 paragraph [0089 and 0091] 
and Page 1 0 paragraph [01 07 and 01 1 1 ]). 

Claim 60 is rejected as applied about in rejecting Claim 59. Furthermore, Atwal 
teaches and describes wherein the method further comprises: gathering at least one 
portion of the SOAP message (Page 3 paragraph [0048]). 

Claim 63 is rejected as applied about in rejecting Claim 63. Furthermore, Atwal 
teaches and describes wherein the SOAP message is held for review by a person 
(Page 10 paragraph 01 1 1). 



Claim Rejections - 35 USC § 103 

The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Claims 4, 6-14, 16-21, 26 and 36 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Atwal et al. (U.S. Publication Number 2003/0061404, hereafter 
"Atwal") in view of Della-Libera et al. (U.S. Publication Number 2003/0074579, hereafter 
"Delia"). 
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Regarding Claim 16, Atwal discloses: 

receiving a SOAP message (Atwal Page 4 paragraph [0052]). 

determining whether at least one decryption rule is associated with the SOAP 
message attempting to decrypt the SOAP message using one or more keys associated 
with the at least one decryption rule when the determining determines that at least 
one decryption rule is associated with the SOAP message (Atwal Page 4 paragraph 
[0052] and Page 8 paragraph [0093]). Atwal does not explicitly disclose determining 
encryption/decryption rule associated with the SOAP message, verifying at least one 
signature associated with the SOAP message or signing SOAP message using one or 
more keys associated with the at least one signing rule. 

However, Delia discloses delegating security credentials in a distributed security 
system wherein security credentials may be passed between components or services 
using the SOAP, wherein 

determining whether at least one decryption rule is associated with the SOAP 
message attempting to decrypt the SOAP message using one or more keys associated 
with the at least one decryption rule when the determining determines that at least 
one decryption rule is associated with the SOAP message (Delia Page 5 paragraph 
[0051 - 0053]) 

determining whether at least one encryption rule is associated with the SOAP 
message encrypting the SOAP message using one or more keys associated with the at 
least one decryption rule when the determining determines that at least one encryption 
rule is associated with the SOAP message (Delia Page 5 paragraph [0051 - 0054]) 
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determining whether at least one signature verification rule is associated with 
the SOAP message, verifying at least one signature associated with the SOAP 
message per requirements specified by the at least one signature verification rule when 
the determining determines that at least one signature verification rule is associated 
with the SOAP message (Delia Page 5 paragraph [0051 and 0055]) 

determining whether at least one signing rule is associated with the SOAP 
message, and signing the SOAP message using one or more keys associated with the 
at least one signing rule (Delia Page 5 paragraph [0051 - 0053] and Page 6 paragraph 
[0058 and 0059]). 

Motivation to combine the invention of Delia with Atwal's teachings comes from 
the need for securing the transaction sent over computer networks by various clients. 
Atwal provides a discussion of the needed security but silent as to the specific details of 
the technical cryptography involved, (See Atwal Page 8 paragraph [0093]). It would be 
obvious to one of ordinary skill in the art to combine Delia with Atwal because security 
through using encryption, decryption and digital signature security and confidentiality of 
SOAP messages may be achieved and Delia provides the details of how to secure 
SOAP messages (See Delia Page 5 paragraph [0051 - 0056] and Page 6 paragraph 
[0058 and 0059]). 

Claims 4 and 26 are rejected as applied about in rejecting Claims 3 and 23. 
Furthermore, Atwal does not discloses the security identifiers can include 
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one or more encryption keys, one or more decryption keys, one or more signing 
keys, and one or more keys used to verify one or more signatures. 

However, Delia discloses delegating security credentials in a distributed security 
system wherein security credentials may be passed between components or services 
using the SOAP, wherein the security identifiers can include one or more encryption 
keys, one or more decryption keys, one or more signing keys, and one or more keys 
used to verify one or more signatures (Delia Page 5 paragraph [0051 - 0054]). 

Motivation to combine the invention of Delia with Atwal's teachings comes from 
the need for securing the transaction sent over computer networks by various clients. 
Atwal provides a discussion of the needed security but silent as to the specific details of 
the technical cryptography involved, (See Atwal Page 8 paragraph [0093]). It would be 
obvious to one of ordinary skill in the art to combine Delia with Atwal because security 
through using encryption, decryption and digital signature security and confidentiality of 
SOAP messages may be achieved and Delia provides the details of how to secure 
SOAP messages (See Delia Page 5 paragraph [0051 - 0056] and Page 6 paragraph 
[0058 and 0059]). 

Claim 6 is rejected as applied about in rejecting Claim 1. Furthermore, Atwal 
does not disclose the at least one security rule includes at least one decryption rule, and 
wherein the performing of the at least one operation comprises: determining whether 
the SOAP message is encrypted, and decrypting the SOAP message based on one or 
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more decryption keys which are associated with the at least one decryption rule. 

However, Delia discloses delegating security credentials in a distributed security 
system wherein security credentials may be passed between components or services 
using the SOAP, wherein the at least one security rule includes at least one decryption 
rule, and wherein the performing of the at least one operation comprises: determining 
whether the SOAP message is encrypted, and decrypting the SOAP message based on 
one or more decryption keys which are associated with the at least one decryption rule 
(Delia Page 5 paragraph [0051 - 0054]). 

Motivation to combine the invention of Delia with Atwal's teachings comes from 
the need for securing the transaction sent over computer networks by various clients. 
Atwal provides a discussion of the needed security but silent as to the specific details of 
the technical cryptography involved, (See Atwal Page 8 paragraph [0093]). It would be 
obvious to one of ordinary skill in the art to combine Delia with Atwal because security 
through using encryption, decryption and digital signature security and confidentiality of 
SOAP messages may be achieved and Delia provides the details of how to secure 
SOAP messages (See Delia Page 5 paragraph [0051 - 0056] and Page 6 paragraph 
[0058 and 0059]). 

Claim 8 is rejected as applied about in rejecting Claim 1. Furthermore, Atwal do 
not discloses the at least one security rule includes at least one encryption rule, and 
wherein the performing of at least one operation comprises: encrypting the SOAP 
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message based on one or more encryption keys which are associated with the at least 
one encryption rule. 

However, Delia discloses delegating security credentials in a distributed security 
system wherein security credentials may be passed between components or services 
using the SOAP, wherein the at least one security rule includes at least one encryption 
rule, and wherein the performing of at least one operation comprises: encrypting the 
SOAP message based on one or more encryption keys which are associated with the at 
least one encryption rule (Delia Page 5 paragraph [0051 - 0054]). 

Motivation to combine the invention of Delia with Atwal's teachings comes from 
the need for securing the transaction sent over computer networks by various clients. 
Atwal provides a discussion of the needed security but silent as to the specific details of 
the technical cryptography involved, (See Atwal Page 8 paragraph [0093]). It would be 
obvious to one of ordinary skill in the art to combine Delia with Atwal because security 
through using encryption, decryption and digital signature security and confidentiality of 
SOAP messages may be achieved and Delia provides the details of how to secure 
SOAP messages (See Delia Page 5 paragraph [0051 - 0056] and Page 6 paragraph 
[0058 and 0059]). 

Claim 12 is rejected as applied about in rejecting Claim 1. Furthermore, Atwal do 
not discloses the at least one security rule includes at least one signature verification 
rule, and wherein the performing of at least one operation comprises: verifying at least 
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one signature associated with the SOAP message per requirements specified by the at 
least one signature verification rule. 

However, Delia discloses delegating security credentials in a distributed security 
system wherein security credentials may be passed between components or services 
using the SOAP, wherein the at least one security rule includes at least one signature 
verification rule, and wherein the performing of at least one operation comprises: 
verifying at least one signature associated with the SOAP message per requirements 
specified by the at least one signature verification rule (Delia Page 5 paragraph [0051 - 
0054]). 

Motivation to combine the invention of Delia with Atwal's teachings comes from 
the need for securing the transaction sent over computer networks by various clients. 
Atwal provides a discussion of the needed security but silent as to the specific details of 
the technical cryptography involved, (See Atwal Page 8 paragraph [0093]). It would be 
obvious to one of ordinary skill in the art to combine Delia with Atwal because security 
through using encryption, decryption and digital signature security and confidentiality of 
SOAP messages may be achieved and Delia provides the details of how to secure 
SOAP messages (See Delia Page 5 paragraph [0051 - 0056] and Page 6 paragraph 
[0058 and 0059]). 
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Claim 14 is rejected as applied about in rejecting Claim 1. Furthermore, Atwal do 
not discloses the at least one security rule includes a signing rule; and wherein the 
performing of at least one operation comprises: signing the SOAP message using one 
or more keys which are associated with the at least one security rule. 

However, Delia discloses delegating security credentials in a distributed security 
system wherein security credentials may be passed between components or services 
using the SOAP, wherein the at least one security rule includes a signing rule; and 
wherein the performing of at least one operation comprises: signing the SOAP message 
using one or more keys which are associated with the at least one security rule (Delia 
Page 5 paragraph [0051 - 0054]). 

Motivation to combine the invention of Delia with Atwal's teachings comes from 
the need for securing the transaction sent over computer networks by various clients. 
Atwal provides a discussion of the needed security but silent as to the specific details of 
the technical cryptography involved, (See Atwal Page 8 paragraph [0093]). It would be 
obvious to one of ordinary skill in the art to combine Delia with Atwal because security 
through using encryption, decryption and digital signature security and confidentiality of 
SOAP messages may be achieved and Delia provides the details of how to secure 
SOAP messages (See Delia Page 5 paragraph [0051 - 0056] and Page 6 paragraph 
[0058 and 0059]). 
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Claim 17 is rejected as applied about in rejecting Claim 16. Furthermore, Atwal 
discloses a computer readable medium having computer program instructions stored 
therein for performing the method of claim 1 (Atwal Page 2 paragraph [0017] and Page 
14 paragraph [0155]). 

Claim 18 is rejected as applied about in rejecting Claim 16. Furthermore, Atwal 
discloses determining a message type for the SOAP message, and looking up rules 
which are associated with the message type (Atwal Page 4 paragraph [0053] and Page 
5 paragraph [0057 and 0059]). 

Claim 19 is rejected as applied about in rejecting Claim 16. Furthermore, Atwal 
discloses wherein at least one portion of the SOAP message is in XML (Atwal Page 3 
paragraph [0048]). 

Claim 20 is rejected as applied about in rejecting Claim 16. Furthermore, Delia 
discloses wherein the method further comprises: determining whether the SOAP 
message is encrypted before attempting to decrypt the SOAP message; 
determining whether the SOAP message has been encrypted successfully; 
and taking appropriate action when the determining determines that the SOAP 
message has not been encrypted successfully (Delia Page 5 paragraph [0052 and 
0053]). 
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Claim 7 is rejected as applied about in rejecting Claim 6. Furthermore, Delia 
discloses the one or more decryption keys are managed by an organization or define an 
organization role (Delia Page 2 paragraph [0029] and Page 3 paragraph [0035 and 
0037]). 

Claim 1 1 is rejected as applied about in rejecting Claim 6. Furthermore, Delia 
discloses determining whether the SOAP message is encrypted successfully; and 
taking appropriate action when the determining determines that the SOAP message has 
not been encrypted successfully (Delia Page 5 paragraph [0052 and 0053]). 

Claim 9 is rejected as applied about in rejecting Claim 8. Furthermore, Delia 
discloses wherein the one or more encryption keys are associated with an individual 
(Delia Page 5 paragraph [0051 - 0054]). 

Claim 10 is rejected as applied about in rejecting Claim 8. Furthermore, Delia 
discloses determining whether the SOAP message is encrypted before attempting to 
decrypt the SOAP message (Delia Page 5 paragraph [0051 - 0055]). 

Claims 13 and 21 are rejected as applied about in rejecting Claims 12 and 16. 
Furthermore, Atwal do not discloses the method further comprises: determining whether 
the at least one signature associated with the SOAP message has successfully been ' 
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verified, and taking appropriate action when the determining determines that one or 
more of the at least one signature has not been successfully verified. 

However, Delia discloses delegating security credentials in a distributed security 
system wherein security credentials may be passed between components or services 
using the SOAP, wherein the method further comprises: determining whether the at 
least one signature associated with the SOAP message has successfully been verified, 
and taking appropriate action when the determining determines that one or more of the 
at least one signature has not been successfully verified (Delia Page 5 paragraph [0051 
- 0054]). 

Motivation to combine the invention of Delia with Atwal's teachings comes from 
the need for securing the transaction sent over computer networks by various clients. 
Atwal provides a discussion of the needed security but silent as to the specific details of 
the technical cryptography involved, (See Atwal Page 8 paragraph [0093]). It would be 
obvious to one of ordinary skill in the art to combine Delia with Atwal because security 
through using encryption, decryption and digital signature security and confidentiality of 
SOAP messages may be achieved and Delia provides the details of how to secure 
SOAP messages (See Delia Page 5 paragraph [0051 - 0056] and Page 6 paragraph 
[0058 and 0059]). 

Claim 36 is rejected as applied about in rejecting Claim 7. Furthermore, Atwal 
discloses wherein the remedial action includes notifying an administrator, holding the 
SOAP message, making a log entry, invoking a programming object, and sending an 
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additional SOAP message (Page 7 paragraph [0084 and 0085] and Page 12 paragraph 
[0128]). 



Conclusion 



Examiner's Note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings in the art and are 
applied to the specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant, in preparing the 
responses, to fully consider the references in entirety as potentially teaching all or part 
of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the examiner. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Pramila Parthasarathy whose telephone number is 571- 
272-3866. The examiner can normally be reached on 8:00a.m. To 5:00p.m.. If attempts 
to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ayaz 
Sheikh can be reached on 571-232-3795. Any inquiry of a general nature or relating to 
the status of this application or proceeding should be directed to the receptionist whose 
telephone number is 703-305-3900. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR only. For more 
information about the PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). 



Pramila Parthasarathy 
February 16, 2006. 






